
“You have a payment of $500 waiting in your PayPal account! All you have to do is click here!” – sound familiar?

According to a Kaspersky report (PDF), email phishing attacks — strangers contacting you pretending to be a bank or some other legitimate company — increased 87% from 2011 through 2013. This increase is despite the fact that rates of spam email — where legitimate companies send you advertisement-style emails — dropped from 2012 to 2013.

We could speculate that this shift from spam to phishing means that phishing emails are more effective at getting email users like you or me to click on a link and give up our private information to these scam artists.

Here at MUO, we’ve covered phishing quite a bit, considering that it’s such a significant and growing security threat. In 2011, Matt wrote up a great article describing phishing and how you can recognize it. Throughout the years, we’ve provided updates on new phishing vulnerabilities like the recent Google Login Page phishing effort in early 2014.

Be Vigilant Against Fake Emails

If there’s a single message to keep in mind here, it’s this — the number one defense against phishing is education. If you’re educated on simple ways to spot a phishing attack or some other email fraud, you will be able to fully protect yourself. There’s no software that’s going to do this for you, and nothing that will prevent you from clicking a link in an email, downloading a file, or logging into a fraudulent login page. You are your own last line of defense against these threats.

In the past, we’ve described ways to use technology like DNS services and setting up a browser phishing list as safeguards against phishing, but in addition to that technology, there are certain aspects of incoming email you can keep an eye out for to identify and delete dangerous emails.


Human Greed

Email scam artists will prey on human emotion to get you to click on that email link.  The most common emotions used are greed, guilt, kindness, lust, and fear. The first sort of phishing emails I would like to focus on involve greed.

Up until now, these were also the most common forms of phishing emails.


Usually these involve some sort of legal “beneficiary” arrangements where someone needs your help paying a beneficiary out of country. You — being lucky enough to live in a part of the world that allows for such safe financial transfers free from government corruption — get to be the middle-man in a simple financial transfer. For your efforts, you’re promised a very comfortable fee as payment.


These emails often look pretty official, with a footer signature mentioning some huge organization that couldn’t possibly be involved in such a fraud, right? This is true — but the problem is, the person isn’t really from that agency. This is the age-old fraud known as the Nigerian 419 scam. The number 419 refers to the Nigerian criminal code for fraud.

This scam just requires you to email the person back and once you do, they’ll start weaving a long and convincing story, eventually culminating with you providing your bank account information.

Not all of these specifically mention the country of Nigeria by the way. Such phishing emails roll into email accounts across the world mentioning assistance needed with transferring money out of China, the Middle East, and other regions.


These are real people — not bots — who will respond to you when you email them. They may even sound quite convincing. Rest assured, they are criminals hoping for some sorry sap to reply to one of these emails.  When you see this, quickly press the delete button. If you respond, the only thing that will be transferred is money out of your bank account.

People who fall for this aren’t stupid. Just check out this ZDnet video where victim “Jill” admits to losing over $300,000 over four years.

Human Kindness

Email scammers don’t just prey on negative human emotions. If you’re a nice person, they’re targeting you too. One common approach is to email you posing as a charity. Most of the time these are charities that you’ve never heard of — not usually a major national or international one — because in that case the email address would need to be associated with that agency.

Instead, scammers mention some important cause that they’re “funding”, and need your support. The email address is usually of some free email service variety.


An even more common email scam is that of the account hijack and mass email. This is where one of your friends or contacts, with an email account that’s not very secure, ends up having their account hijacked.

The hacker will then send out emails to everyone on that person’s contact list telling a sob story about being stranded somewhere, and needing money.


They wait for an email reply, string out the story a little bit longer, and then they’ll ask you to send money via some service like Western Union or some other wire transfer service. I’ve even heard stories of people having phone conversations with these scam artists. One elderly lady was convinced that her nephew was stranded somewhere in France, and almost sent him $3,000 before her family convinced her otherwise.

Your Poor Memory

You’re busy. You can’t remember half of the stuff you signed up for online last week, let alone last month. Some email scammers are counting on your lack of memory when they send out those phishing emails informing you that your application has been approved, or that you’re the winner of some contest that you don’t remember entering.

One of my favorites is the “Your application has been approved” email, because it’s just so brilliant. It’s especially effective against very busy people who might be very active online. You won’t recall applying — but your curiosity may get the best of you, so you go ahead and click that link. The rest is history.


Even more common are the “You are a winner” emails. Everyone loves to win prizes, and sometimes the amounts are so exciting that it’s very hard to resist replying to that email and “accepting” your prize.


The way these usually work is that in order to receive your alleged winnings, you need to provide your bank information for “direct deposit”. What ends up happening is a direct withdrawal instead!

These phishing emails are particularly effective because who doesn’t want to believe that they’ve finally won a prize?


Here’s a word of advice to protect yourself from these scam artists. If you can’t remember signing up for something, the odds are pretty good you didn’t. Don’t click that link. Press “Delete” instead.

Looking for Love

You know how they say in marketing that “sex sells”?  Well, unfortunately in the email scam artist’s world, the same rule applies. Every day, countless emails go out to mostly unsuspecting men that are allegedly from women looking for a boyfriend, a date, an affair and everything in between.


These scam artists count on you either clicking on the link (usually a tinyurl type link), or responding to the email itself, asking to see those photos or starting a conversation.


What you end up with in these cases is usually a scam artist (not even usually a woman, by the way) responding to you and eventually dragging you along into signing up for some silly online dating service in order to “continue the conversation in private”.

Even worse, there are cases where the scam artist will pretend to be in some sort of financial crisis or in some kind of danger, eventually convincing the unsuspecting victim (you) to send money in order to help this poor, defenseless woman who is just looking for a man to take care of her.


It should go without saying that you should ignore these emails. Unfortunately, the fact that they even continue to exist means that their success rate must be especially high. If you are looking for love, I definitely recommend putting your best foot forward on dating websites, but responding to these emails won’t get you love. They’ll just give you an empty wallet.

Using Fear Against You

The last most common fraud email is one that I’ve dubbed the “Shock and Awe” approach. Basically, this is similar to the age-old tactic of faking an email from a legitimate organization like PayPal or Facebook, but in this case the organization is some non-profit or government agency in charge of protecting public safety.

The email will warn of something shocking that will catch your attention, such as a warning that local loan interest rates have hit rock bottom (“click here to get your low rates now!”), or more recently, an alert that a sex offender has moved into your neighborhood.

We’ve advised about this before and we’ll advise it again — don’t click on links inside of emails like this! If you really are concerned that the warning is real, hover over the link and check the URL in the status bar on your browser. If you can’t find the URL in the status bar, then right-click on the link and choose to copy the link address.


Paste the URL into Notepad to see where the actual link will take you.


What you’ll discover is that it goes to some silly dot-com URL that you probably won’t recognize, not some .org or .gov URL like you’d expect if it came from a legitimate agency.

The truth is that the single most effective way to protect yourself from phishing emails and frauds that prey on human emotions like this is to remove all of these emotions when you’re dealing with your email inbox. Most online email services these days are pretty effective at recognizing most of these emails and moving them to the spam folder, but when they don’t, your own common sense and caution will go a very long way toward protecting you from the rest.

  1. Pradeep
    September 30, 2016 at 4:10 pm

    I got a job offer from St Regis hotel New York. They didn't ask me for money; they only saw my CV and asked me some questions through mail. I replied, then they sent a visa application form and a job application form. Is it genuine or not?

  2. Polu
    June 4, 2014 at 6:20 pm

    Very interesting article. Here is another one, which describes 3 keys to recognize phishing attack. I think that these tips are quite effective for recognition: http://blogen.stickypassword.com/3-keys-to-protect-yourself-from-phishing-attacks/

  3. Kenny B
    June 2, 2014 at 9:35 pm

    When this article first appeared, there was a link to a full article which described how to check if the email was sent from a genuine IP etc., and also referring to emails sent by you to yourself. Do you have the link?

  4. Bben
    May 29, 2014 at 5:58 pm

    You left out the advance fee fraud.
    My aunt almost got taken on one of these when she was trying to rent out a house on Craigslist - she got an email reply supposedly from England where the scammer was going to be moving to the area to take a job (in rural South Carolina?). He wanted to send a cashier's check for US$5000 to cover the first couple of months' rent - and she was to send the rest (about $3000) on to an address in New York City - supposedly the decorator who was going to do some decorating before they moved in.

    I caught it before she did anything.
    FAQs before someone comments
    1. Rent is cheap here (rural South Carolina) - that house normally rents for about $700/mo. But the nearest city is nearly an hour drive away and there is NO public transportation.
    2. NY city is over 650 miles away ( 10+ hours driving)
    3. Nobody redecorates a rental house before moving in and sight unseen.
    4. No asking about utility cost, transportation, shopping, schools or any of the other things a foreigner would need to know before moving here.
    5. Neighbors? Yes we have neighbors, the closest is about a half mile away. If you get in trouble you are likely on your own.
    6. And just for any Brits reading this - Pubs? What's that? There is a red neck biker bar out on the highway about 4 miles away.

  5. Shahzad A
    May 29, 2014 at 4:22 pm

    Interesting article! I sometimes use exactly the same tweaks :)
